CN105827652B - Method and apparatus for authenticating a dynamic password - Google Patents
Publication number: CN105827652B
Application number: CN201610350413.1A
Authority: CN (China)
Prior art keywords: token, dynamic, serial number, client, dynamic password
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
The invention discloses a method and apparatus for authenticating a dynamic password. The method includes the following steps: a client establishes NFC communication with an NFC dynamic token and obtains the token serial number of the NFC dynamic token and the dynamic password from the NFC dynamic token; the client encrypts the dynamic password using the token serial number and a second random number that it stores, obtaining a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to a token server; the client receives the authentication success message or authentication failure message returned by an application server. The invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
Description
Technical field
The present invention relates to the field of information security, and more particularly to a method and apparatus for authenticating a dynamic password.
Background art
A dynamic token is a device that generates dynamic passwords and is widely used in application fields such as online banking, telecom operators and e-government. The dynamic password generated by a dynamic token can be used for identity authentication and can effectively improve the security of identity authentication.
In the prior art, after the dynamic token generates a dynamic password, the user has to enter the dynamic password manually into a web page or client, which is error-prone and offers poor security.
Summary of the invention
The present invention provides a method and apparatus for authenticating a dynamic password, to address the poor security of dynamic tokens in the prior art.
The present invention provides a method for authenticating a dynamic password, comprising the following steps:
A client establishes NFC communication with an NFC dynamic token and obtains the token serial number of the NFC dynamic token and the dynamic password from the NFC dynamic token;
The client encrypts the dynamic password using the token serial number and a second random number that it stores, obtaining a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to a token server;
The client receives the authentication success message or authentication failure message returned by an application server.
The present invention also provides a method for authenticating a dynamic password, comprising the following steps:
A token server receives a third ciphertext, a second random number and a token serial number from a client, and decrypts the third ciphertext using the token serial number and the second random number, obtaining a dynamic password;
The token server retrieves the corresponding seed file according to the token serial number and authenticates the dynamic password using the retrieved seed file; if authentication passes, it sends an authentication success message to an application server; otherwise, it sends an authentication failure message to the application server.
The present invention also provides a client, comprising:
A communication module, for establishing NFC communication with an NFC dynamic token;
A first obtaining module, for obtaining the token serial number of the NFC dynamic token;
A second obtaining module, for obtaining the dynamic password from the NFC dynamic token;
A storage module, for storing a second random number;
An encryption module, for encrypting the dynamic password using the token serial number and the second random number, obtaining a third ciphertext;
A sending module, for sending the third ciphertext, the second random number and the token serial number to a token server;
A receiving module, for receiving the authentication success message or authentication failure message returned by an application server.
The present invention also provides a token server, comprising:
A receiving module, for receiving a third ciphertext, a second random number and a token serial number from a client;
A decryption module, for decrypting the third ciphertext using the token serial number and the second random number, obtaining a dynamic password;
A retrieval module, for retrieving the corresponding seed file according to the token serial number;
An authentication module, for authenticating the dynamic password using the seed file retrieved by the retrieval module;
A sending module, for sending an authentication success message to an application server after the authentication module has authenticated the dynamic password successfully, and for sending an authentication failure message to the application server after the authentication module has failed to authenticate the dynamic password.
The present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
Brief description of the drawings
Fig. 1 is a flowchart of a method for authenticating a dynamic password in an embodiment of the present invention;
Fig. 2 is a flowchart of another method for authenticating a dynamic password in an embodiment of the present invention;
Fig. 3 is a structural diagram of a client in an embodiment of the present invention;
Fig. 4 is a structural diagram of a token server in an embodiment of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for authenticating a dynamic password which, as shown in Fig. 1, comprises the following steps:
Step 101: the client establishes NFC (Near Field Communication) communication with the NFC dynamic token.
Step 102: the client sends a second instruction to the NFC dynamic token, receives the token serial number returned by the NFC dynamic token, and saves the token serial number.
For example, the client sends the second instruction "0x4402043A" to the NFC dynamic token and receives the token serial number "15357" returned by the NFC dynamic token.
Step 103: the client sends a third instruction to the NFC dynamic token and receives the dynamic password returned by the NFC dynamic token.
For example, the client sends the third instruction "0x44020110" to the NFC dynamic token and receives the dynamic password "355569" returned by the NFC dynamic token.
Step 104: the client encrypts the dynamic password using the token serial number and the second random number that it stores, obtaining the third ciphertext, and sends the third ciphertext, the second random number and the token serial number to the token server.
Specifically, the client generates an encryption key from the second random number that it stores, generates an initialization vector from the token serial number, and encrypts the dynamic password using the encryption key and the initialization vector, obtaining the third ciphertext.
In this embodiment, the client may hash the second random number together with a preset value and use the resulting hash value as the encryption key, and hash the token serial number together with the preset value and use the resulting hash value as the initialization vector. The second random number may be the UTC time in seconds.
For example, the client encrypts the dynamic password "355569" using the second random number "0x297A" and the token serial number "15357", obtaining the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
Step 105: the token server decrypts the received third ciphertext using the received token serial number and second random number, obtaining the dynamic password.
Specifically, the token server generates the encryption key from the received second random number, generates the initialization vector from the received token serial number, and decrypts the received third ciphertext using the encryption key and the initialization vector, obtaining the dynamic password.
In this embodiment, the token server may hash the received second random number together with the preset value and use the resulting hash value as the encryption key, and hash the received token serial number together with the preset value and use the resulting hash value as the initialization vector.
For example, the token server decrypts the received third ciphertext "D465A1" using the received token serial number "15357" and second random number "0x297A", obtaining the dynamic password "355569".
Step 106: the token server retrieves the corresponding seed file according to the received token serial number and uses the retrieved seed file to authenticate the decrypted dynamic password; if authentication passes, step 107 is executed; otherwise, step 110 is executed.
For example, the token server retrieves the corresponding seed file "0x8D5828922FEBFC8597" according to the received token serial number "15357" and uses that seed file to authenticate the decrypted dynamic password "355569".
Step 107: the token server sends an authentication success message to the application server.
Step 108: the application server sends the authentication success message to the client.
Step 109: the client displays authentication success information according to the received authentication success message.
Step 110: the token server sends an authentication failure message to the application server.
Step 111: the application server sends the authentication failure message to the client.
Step 112: the client displays authentication failure information according to the received authentication failure message.
This embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
An embodiment of the present invention also provides another method for authenticating a dynamic password which, as shown in Fig. 2, comprises the following steps:
Step 201: the client establishes NFC communication with the NFC dynamic token.
Step 202: the client sends a third instruction to the NFC dynamic token and receives the dynamic password returned by the NFC dynamic token.
For example, the client sends the third instruction "0x44020110" to the NFC dynamic token and receives the dynamic password "355569" returned by the NFC dynamic token.
Step 203: the client obtains the corresponding token serial number according to the user name, encrypts the dynamic password using the token serial number and the second random number that it stores, obtaining the third ciphertext, and sends the third ciphertext, the second random number and the token serial number to the token server.
Specifically, the client generates an encryption key from the second random number that it stores, generates an initialization vector from the token serial number, and encrypts the dynamic password using the encryption key and the initialization vector, obtaining the third ciphertext.
In this embodiment, the client may hash the second random number together with a preset value and use the resulting hash value as the encryption key, and hash the token serial number together with the preset value and use the resulting hash value as the initialization vector. The second random number may be the UTC time in seconds.
For example, the client obtains the corresponding token serial number "15357" according to the user name "admin", encrypts the dynamic password "355569" using the second random number "0x297A" and the token serial number "15357", obtaining the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
Step 204: the token server decrypts the received third ciphertext using the received token serial number and second random number, obtaining the dynamic password.
Specifically, the token server generates the encryption key from the received second random number, generates the initialization vector from the received token serial number, and decrypts the received third ciphertext using the encryption key and the initialization vector, obtaining the dynamic password.
In this embodiment, the token server may hash the received second random number together with the preset value and use the resulting hash value as the encryption key, and hash the received token serial number together with the preset value and use the resulting hash value as the initialization vector.
For example, the token server decrypts the received third ciphertext "D465A1" using the received token serial number "15357" and second random number "0x297A", obtaining the dynamic password "355569".
Step 205: the token server retrieves the corresponding seed file and token offset value according to the received token serial number and uses the retrieved seed file and token offset value to authenticate the decrypted dynamic password; if authentication passes, step 206 is executed; otherwise, step 209 is executed.
For example, the token server retrieves the corresponding seed file "0x8D5828922FEBFC8597" and token offset value "254" according to the received token serial number "15357" and uses that seed file and token offset value to authenticate the decrypted dynamic password "355569".
Step 206: the token server sends an authentication success message to the application server.
Step 207: the application server sends the authentication success message to the client.
Step 208: the client displays authentication success information according to the received authentication success message.
Step 209: the token server sends an authentication failure message to the application server.
Step 210: the application server sends the authentication failure message to the client.
Step 211: the client displays authentication failure information according to the received authentication failure message.
This embodiment of the present invention sends the dynamic password generated by the NFC dynamic token to the mobile device over the NFC channel, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
It should be noted that, in other embodiments of the present invention, the client may instead obtain a token serial number entered by the user, encrypt the dynamic password using that token serial number and the second random number that it stores, obtaining the third ciphertext, and send the third ciphertext, the second random number and the token serial number to the token server; this equally achieves the purpose of the present invention.
For example, the client obtains the token serial number "15357" entered by the user, encrypts the dynamic password "355569" using the second random number "0x297A" and the token serial number "15357", obtaining the third ciphertext "D465A1", and sends the third ciphertext "D465A1", the second random number "0x297A" and the token serial number "15357" to the token server.
In addition, after the token server has successfully authenticated the dynamic password using the seed file and token offset value, it may also update the token offset value.
This embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
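The message flow of Steps 104 to 106 and Steps 203 to 205, together with the offset update mentioned above, as an added example that is not part of the patent. The patent names no hash, cipher or OTP algorithm, so SHA-256, a SHA-256 counter keystream (standing in for a vetted cipher such as AES-CTR), HOTP from RFC 4226, the use of the token offset value as the HOTP counter, the preset value and all function names are assumptions.

```python
import hashlib
import hmac
import struct

# Assumptions, none named by the patent: SHA-256 as the hash, a SHA-256
# counter keystream standing in for a vetted cipher (e.g. AES-CTR), HOTP
# (RFC 4226) as the OTP algorithm, the token offset value used as the HOTP
# counter, and every function name and the preset value below.
PRESET_VALUE = b"constructed-preset-value"  # shared by client and token server


def derive_key(second_random: bytes) -> bytes:
    """Encryption key = hash(second random number || preset value)."""
    return hashlib.sha256(second_random + PRESET_VALUE).digest()


def derive_iv(token_serial: str) -> bytes:
    """Initialization vector = hash(token serial number || preset value)."""
    return hashlib.sha256(token_serial.encode() + PRESET_VALUE).digest()[:16]


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher; the same call encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + struct.pack(">I", block)).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the token's unspecified OTP algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def client_build_message(token_serial: str, second_random: bytes,
                         dynamic_password: str) -> dict:
    """Step 104 / 203: encrypt the dynamic password and assemble the message."""
    third = keystream_xor(derive_key(second_random), derive_iv(token_serial),
                          dynamic_password.encode())
    return {"third_ciphertext": third.hex(),
            "second_random": second_random.hex(),
            "token_serial": token_serial}


def decrypt_third_ciphertext(message: dict) -> bytes:
    """Step 105 / 204: key and IV are rebuilt from fields carried in the message."""
    key = derive_key(bytes.fromhex(message["second_random"]))
    iv = derive_iv(message["token_serial"])
    return keystream_xor(key, iv, bytes.fromhex(message["third_ciphertext"]))


class TokenServer:
    def __init__(self, records: dict):
        # token serial number -> [seed, token offset value]
        self.records = {serial: list(rec) for serial, rec in records.items()}

    def authenticate(self, message: dict) -> bool:
        """Step 106 / 205: look up the seed, verify, update the offset on success."""
        try:
            record = self.records[message["token_serial"]]
            candidate = decrypt_third_ciphertext(message)
        except (KeyError, TypeError, ValueError):
            return False  # unknown serial number or malformed field
        seed, offset = record
        if not hmac.compare_digest(candidate, hotp(seed, offset).encode()):
            return False
        record[1] = offset + 1  # a replayed message no longer verifies
        return True


def demo() -> list:
    # Serial number, second random number, seed and offset are the patent's
    # example values; the password is recomputed because HOTP is an assumption.
    seed = bytes.fromhex("8D5828922FEBFC8597")
    server = TokenServer({"15357": (seed, 254)})
    message = client_build_message("15357", bytes.fromhex("297A"), hotp(seed, 254))
    first = server.authenticate(message)
    replay = server.authenticate(message)
    unknown = server.authenticate(dict(message, token_serial="99999"))
    return [first, replay, unknown]


if __name__ == "__main__":
    print(demo())
```

Because the second random number and the token serial number travel with the third ciphertext, the preset value is the only secret input to the key and the initialization vector in this construction, so it has to be protected like a key on every client and on the token server.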
Based on the method for above-mentioned certification dynamic password, the embodiment of the invention also provides a kind of clients, comprising:
Communication module 310, for establishing NFC communication with NFC dynamic token;
First obtains module 320, for obtaining the token serial number of the NFC dynamic token;
Second obtains module 330, for obtaining the dynamic password from the NFC dynamic token;
Memory module 340, for saving the second random number;
Encrypting module 350 carries out the dynamic password for using the token serial number and second random number
Encryption, obtains third ciphertext;
Sending module 360, for the third ciphertext, second random number and the token serial number to be sent to order
Board server;
Receiving module 370, for receiving the certification success message or authentification failure message of application server return.
Specifically, above-mentioned first module 320 is obtained, is specifically used for sending the second instruction to the NFC dynamic token, receives
The token serial number that the NFC dynamic token returns;
Alternatively, obtaining corresponding token serial number according to user name.
Further, the encryption module 350 comprises:
A first generation submodule, for generating an encryption key from the second random number;
A second generation submodule, for generating an initialization vector from the token serial number;
An encryption submodule, for encrypting the dynamic password using the encryption key and the initialization vector, obtaining the third ciphertext.
Further, the first generation submodule is specifically configured to hash the second random number together with a preset value and use the resulting hash value as the encryption key;
The second generation submodule is specifically configured to hash the token serial number together with the preset value and use the resulting hash value as the initialization vector.
Further, the second obtaining module 330 is specifically configured to send a third instruction to the NFC dynamic token and receive the dynamic password returned by the NFC dynamic token.
This embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
Based on the method for above-mentioned certification dynamic password, the embodiment of the invention also provides a kind of token servers, such as Fig. 4 institute
Show, comprising:
Receiving module 410, for receiving third ciphertext, the second random number and token serial number from client;
Deciphering module 420 carries out the third ciphertext for using the token serial number and second random number
Decryption, obtains dynamic password;
Retrieval module 430, for retrieving corresponding seed file according to the token serial number;
Authentication module 440, the seed file for being retrieved using the retrieval module, recognizes the dynamic password
Card;
Sending module 450, for being sent out to application server after the authentication module passes through the dynamic password authentication
Send certification success message;After the authentication module does not pass through the dynamic password authentication, sends and authenticate to application server
Failed message.
Specifically, above-mentioned retrieval module 430, be specifically used for being retrieved according to the token serial number corresponding seed file and
Token deviant;
Correspondingly, above-mentioned authentication module 440, specifically for the seed file and token retrieved using the retrieval module
Deviant authenticates the dynamic password.
Further, the decryption module 420 comprises:
A first generation submodule, for generating an encryption key from the second random number;
A second generation submodule, for generating an initialization vector from the token serial number;
A decryption submodule, for decrypting the third ciphertext using the encryption key and the initialization vector, obtaining the dynamic password.
Further, the first generation submodule is specifically configured to hash the second random number together with a preset value and use the resulting hash value as the encryption key.
The second generation submodule is specifically configured to hash the token serial number together with the preset value and use the resulting hash value as the initialization vector.
This embodiment of the present invention obtains the dynamic password generated by the NFC dynamic token over the NFC channel and sends it to the token server for authentication, which prevents the user from making errors and leaking the password when entering it manually and improves the security of the dynamic token.
The steps of the methods described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above are merely specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (18)
1. A method for authenticating a dynamic password, characterized by comprising the following steps:
A client establishes NFC communication with an NFC dynamic token and obtains the token serial number of the NFC dynamic token and the dynamic password from the NFC dynamic token;
The client encrypts the dynamic password using the token serial number and a second random number that it stores, obtaining a third ciphertext, and sends the third ciphertext, the second random number and the token serial number to a token server;
The client receives the authentication success message or authentication failure message returned by an application server;
wherein the client encrypting the dynamic password using the token serial number and the second random number that it stores, obtaining the third ciphertext, is specifically:
The client generates an encryption key from the second random number, generates an initialization vector from the token serial number, and encrypts the dynamic password using the encryption key and the initialization vector, obtaining the third ciphertext.
2. The method according to claim 1, characterized in that the client obtaining the token serial number of the NFC dynamic token is specifically:
The client sends a second instruction to the NFC dynamic token and receives the token serial number returned by the NFC dynamic token;
or,
The client obtains the corresponding token serial number according to the user name.
3. The method according to claim 1, characterized in that the client generating the encryption key from the second random number is specifically:
The client hashes the second random number together with a preset value and uses the resulting hash value as the encryption key;
and the client generating the initialization vector from the token serial number is specifically:
The client hashes the token serial number together with the preset value and uses the resulting hash value as the initialization vector.
4. The method according to claim 1, characterized in that the client obtaining the dynamic password from the NFC dynamic token is specifically:
The client sends a third instruction to the NFC dynamic token and receives the dynamic password returned by the NFC dynamic token.
5. A method for authenticating a dynamic password, characterized by comprising the following steps:
A token server receives a third ciphertext, a second random number and a token serial number from a client, and decrypts the third ciphertext using the token serial number and the second random number, obtaining the dynamic password from an NFC dynamic token that the client received over the NFC channel;
The token server retrieves the corresponding seed file according to the token serial number and authenticates the dynamic password using the retrieved seed file; if authentication passes, it sends an authentication success message to an application server; otherwise, it sends an authentication failure message to the application server.
6. The method according to claim 5, characterized in that the token server retrieving the corresponding seed file according to the token serial number and authenticating the dynamic password using the retrieved seed file is specifically:
The token server retrieves the corresponding seed file and token offset value according to the token serial number and authenticates the dynamic password using the retrieved seed file and token offset value.
7. The method according to claim 5, characterized in that the token server decrypting the third ciphertext using the token serial number and the second random number, obtaining the dynamic password, is specifically:
The token server generates an encryption key from the second random number, generates an initialization vector from the token serial number, and decrypts the third ciphertext using the encryption key and the initialization vector, obtaining the dynamic password.
8. The method according to claim 7, characterized in that the token server generating the encryption key from the second random number is specifically:
The token server hashes the second random number together with a preset value and uses the resulting hash value as the encryption key.
9. The method according to claim 7, characterized in that the token server generating the initialization vector from the token serial number is specifically:
The token server hashes the token serial number together with a preset value and uses the resulting hash value as the initialization vector.
10. A client, characterized by comprising:
a communication module, for establishing NFC communication with an NFC dynamic token;
a first obtaining module, for obtaining the token serial number of the NFC dynamic token;
a second obtaining module, for obtaining the dynamic password from the NFC dynamic token;
a memory module, for saving the second random number;
an encrypting module, for encrypting the dynamic password using the token serial number and the second random number to obtain a third ciphertext;
a sending module, for sending the third ciphertext, the second random number and the token serial number to the token server;
a receiving module, for receiving the authentication success message or authentication failure message returned by the application server;
the encrypting module comprising:
a first generating submodule, for generating an encryption key according to the second random number;
a second generating submodule, for generating an initialization vector according to the token serial number;
an encrypting submodule, for encrypting the dynamic password using the encryption key and the initialization vector to obtain the third ciphertext.
11. The client as claimed in claim 10, characterized in that
the first obtaining module is specifically used for sending a second instruction to the NFC dynamic token and receiving the token serial number returned by the NFC dynamic token;
or, for obtaining the corresponding token serial number according to the user name.
12. The client as claimed in claim 10, characterized in that
the first generating submodule is specifically used for hashing the second random number and a preset value, and using the resulting hash value as the encryption key;
the second generating submodule is specifically used for hashing the token serial number and a preset value, and using the resulting hash value as the initialization vector.
13. The client as claimed in claim 10, characterized in that
the second obtaining module is specifically used for sending a third instruction to the NFC dynamic token and receiving the dynamic password returned by the NFC dynamic token.
14. A token server, characterized by comprising:
a receiving module, for receiving the third ciphertext, the second random number and the token serial number from the client;
a deciphering module, for decrypting the third ciphertext using the token serial number and the second random number to obtain the dynamic password from the NFC dynamic token that the client received over the NFC channel;
a retrieval module, for retrieving the corresponding seed file according to the token serial number;
an authentication module, for authenticating the dynamic password using the seed file retrieved by the retrieval module;
a sending module, for sending an authentication success message to the application server after the authentication module authenticates the dynamic password successfully, and for sending an authentication failure message to the application server after the authentication module fails to authenticate the dynamic password.
15. The token server as claimed in claim 14, characterized in that
the retrieval module is specifically used for retrieving the corresponding seed file and token offset value according to the token serial number;
the authentication module is specifically used for authenticating the dynamic password using the seed file and token offset value retrieved by the retrieval module.
16. The token server as claimed in claim 14, characterized in that the deciphering module comprises:
a first generating submodule, for generating an encryption key according to the second random number;
a second generating submodule, for generating an initialization vector according to the token serial number;
a decrypting submodule, for decrypting the third ciphertext using the encryption key and the initialization vector to obtain the dynamic password.
17. The token server as claimed in claim 16, characterized in that
the first generating submodule is specifically used for hashing the second random number and a preset value, and using the resulting hash value as the encryption key.
18. The token server as claimed in claim 16, characterized in that
the second generating submodule is specifically used for hashing the token serial number and a preset value, and using the resulting hash value as the initialization vector.
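The key and initialization-vector derivation of claims 7 to 9, 12 and 16 to 18, as an added example that is not code from the patent. The claims name neither the hash nor the cipher, so SHA-256 truncated to 16 bytes, AES-128-CBC, PKCS#7 padding, the `value || preset` concatenation order and all function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// derive hashes value||preset and keeps 16 bytes (assumed: SHA-256, AES-128 key and IV sizes).
func derive(value, preset []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, value...), preset...))
	return h[:aes.BlockSize]
}

// ClientEncrypt: key from the second random number, IV from the token serial number.
func ClientEncrypt(otp, rnd2, serial, preset []byte) ([]byte, error) {
	block, err := aes.NewCipher(derive(rnd2, preset))
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(otp)%aes.BlockSize // PKCS#7 padding (assumed)
	buf := append(append([]byte{}, otp...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, derive(serial, preset)).CryptBlocks(buf, buf)
	return buf, nil // the "third ciphertext"
}

// ServerDecrypt rebuilds the same key and IV from the values carried in the client's message.
func ServerDecrypt(ct, rnd2, serial, preset []byte) ([]byte, error) {
	block, err := aes.NewCipher(derive(rnd2, preset))
	if err != nil || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("cannot decrypt %d-byte ciphertext (key error: %v)", len(ct), err)
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, derive(serial, preset)).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1])
	if n < 1 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("invalid padding")
	}
	return pt[:len(pt)-n], nil
}

func main() { // constructed sample values, not taken from the patent
	r, s, p := []byte("r2-4f9a"), []byte("SN-0001"), []byte("preset")
	ct, encErr := ClientEncrypt([]byte("492817"), r, s, p)
	otp, decErr := ServerDecrypt(ct, r, s, p)
	fmt.Printf("%x -> %q (%v, %v)\n", ct, otp, encErr, decErr)
}
```

Every input to `ServerDecrypt` except the preset value travels in the client's message (claim 10 sends the third ciphertext, the second random number and the token serial number together), so the confidentiality of the dynamic password in transit rests on keeping the preset value secret.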
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610350413.1A CN105827652B (en) | 2016-05-24 | 2016-05-24 | A kind of method and apparatus authenticating dynamic password |
PCT/CN2017/078542 WO2017202136A1 (en) | 2016-05-24 | 2017-03-29 | One-time-password authentication method and device |
US16/092,500 US11064358B2 (en) | 2016-05-24 | 2017-03-29 | One-time-password authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105827652A | 2016-08-03 |
CN105827652B | 2019-06-18 |
Family
ID=56531104
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017202136A1 (en) * | 2016-05-24 | 2017-11-30 | 飞天诚信科技股份有限公司 | One-time-password authentication method and device |
CN111465008A (en) * | 2019-01-21 | 2020-07-28 | 苹果公司 | Initialization vector generation when performing encryption and authentication in wireless communications |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101420297A (en) * | 2008-09-08 | 2009-04-29 | 北京飞天诚信科技有限公司 | Method and system for negotiating cipher |
WO2013034681A1 (en) * | 2011-09-08 | 2013-03-14 | Ehrensvaerd Jakob | Devices and methods for identification, authentication and signing purposes |
CN103607281A (en) * | 2013-11-12 | 2014-02-26 | 飞天诚信科技股份有限公司 | Safety device unlocking method and system |
CN104092545A (en) * | 2014-06-30 | 2014-10-08 | 飞天诚信科技股份有限公司 | Authentication system integrating various dynamic passwords and working method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||